Hi !
Is my first mail to this list, as I'm an active user of the software I had
to start mailing here someday so... here is my question:
I've found a MySQL error on a website (by a modification in the URL) that
throws me this:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result
resource in /home/virtual/thewebsite.com/web/news/index.php on line 11
The syntax of the url is '' http://www.thewebsite.com/news/today/*/'' and
in the normal state of the URL there is a number (of the news page shown)
where I have writen the *.
If I write anything that is not a number it returns me the error.
Im having to problems here:
First one is that I'm not sure if im doing right the URI inyection with
sqlmap because i've found 3 URI inyections in diferent places but without
success. (Im using the * to show the tool where to test)
And the other one is that I'm not really sure if that error shows a really
exploitable flaw.
Sqlmap, by using the * wildcard, throws some possible UNION exploitable
points, but are discarded when finished the tests. I have tried also with
--union-char switch with different characters.
Sorry for all this text, hope you could help me a bit :S
Thanks !
------------------------------------------------------------------------------
Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex
infrastructure or vast IT resources to deliver seamless, secure access to
virtual desktops. With this all-in-one solution, easily deploy virtual
desktops for less than the cost of PCs and save 60% on VDI infrastructure
costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
